[Git][security-tracker-team/security-tracker][master] Associate three Backdrop CMS CVEs with backdrop itp'ed entry

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Nov 22 08:40:49 GMT 2022 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3b611f9c by Salvatore Bonaccorso at 2022-11-22T09:40:15+01:00
Associate three Backdrop CMS CVEs with backdrop itp'ed entry

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -12700,7 +12700,7 @@ CVE-2022-42094
 CVE-2022-42093
 	RESERVED
 CVE-2022-42092 (Backdrop CMS 1.22.0 has Unrestricted File Upload vulnerability via 'th ...)
-	NOT-FOR-US: Backdrop CMS
+	- backdrop <itp> (bug #914257)
 CVE-2022-42091
 	RESERVED
 CVE-2022-42090
@@ -32704,7 +32704,7 @@ CVE-2022-34532
 CVE-2022-34531 (DedeCMS v5.7.95 was discovered to contain a remote code execution (RCE ...)
 	NOT-FOR-US: DedeCMS
 CVE-2022-34530 (An issue in the login and reset password functionality of Backdrop CMS ...)
-	NOT-FOR-US: Backdrop CMS
+	- backdrop <itp> (bug #914257)
 CVE-2022-34529 (WASM3 v0.5.0 was discovered to contain a segmentation fault via the co ...)
 	NOT-FOR-US: WASM3
 CVE-2022-34528 (D-Link DSL-3782 v1.03 and below was discovered to contain a stack over ...)
@@ -72737,7 +72737,7 @@ CVE-2021-45270
 CVE-2021-45269
 	RESERVED
 CVE-2021-45268 (** DISPUTED ** A Cross Site Request Forgery (CSRF) vulnerability exist ...)
-	NOT-FOR-US: Backdrop CMS
+	- backdrop <itp> (bug #914257)
 CVE-2021-45267 (An invalid memory address dereference vulnerability exists in gpac 1.1 ...)
 	- gpac 2.0.0+dfsg1-2
 	[buster] - gpac <end-of-life> (EOL in buster LTS)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3b611f9c6a928ad79d1bab846c128ffa9ce215f9

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3b611f9c6a928ad79d1bab846c128ffa9ce215f9
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221122/e67f0006/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list